Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2013-1926

    The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a c...

    Affected Products : ubuntu_linux opensuse icedtea-web
    • Published: Apr. 29, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-7215

    The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in ...

    Affected Products : mambo mostlyce
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-0031

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption....

    Affected Products : quicktime
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-2929

    The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows re...

    Affected Products : access_support automated_solutions
    • Published: Aug. 15, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2018-11456

    A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is...

    Affected Products : automation_license_manager
    • Published: Aug. 07, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-11075

    RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially explo...

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-3388

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter....

    Affected Products : phpmyadmin
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-1912

    MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to...

    Affected Products : mybulletinboard
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2021-39198

    OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no worka...

    Affected Products : client_relationship_management
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-1002201

    zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'....

    Affected Products : zt-zip
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-2921

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attac...

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-55194

    Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server ...

    Affected Products : part-db
    • Published: Aug. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 5.7

    MEDIUM
    CVE-2025-55003

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-...

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication
  • 5.7

    MEDIUM
    CVE-2019-5914

    V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point....

    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-11894

    A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to do...

    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-14683

    The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF....

    Affected Products : import_users_from_csv_with_meta
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-2979

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with n...

    Affected Products : flexcube_direct_banking
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-3442

    The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in o...

    Affected Products : duoconnect
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-7297

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface....

    Affected Products : web_gateway mcafee_web_gateway
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-44744

    An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be ...

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 294832 Results